Security

My LDAP strategy is disabled and I cannot enable it. Why?

lycollicott
Motivator

it creates fine and connects to the ldap server fine, but just won't enable. Is
Here is my authentication.conf (which is identical to an instance which works)....

[xxx.domain.com]
SSLEnabled = 0
anonymous_referrals = 1
bindDN = CN=splunkldap,OU=Hosting - Operations Analysts,OU=Prod-Users,DC=xxx,DC=domain,DC=com
bindDNpassword = xxxxxxxxxxxxxxxxxxxxxxxxxxx
charset = utf8
emailAttribute = mail
groupBaseDN = ou=Prod-Users,DC=xxx,DC=domain,DC=com
groupMappingAttribute = dn
groupMemberAttribute = member
groupNameAttribute = cn
host = *******
nestedGroups = 0
network_timeout = 20
port = 389
realNameAttribute = cn
sizelimit = 1000
timelimit = 15
userBaseDN = ou=Prod-Users,DC=xxx,DC=domain,DC=com
userNameAttribute = samaccountname

[authentication]
authSettings = xxx.domain.com
authType = LDAP
0 Karma
1 Solution

javiergn
Super Champion

Hi,

  • Do you have a valid Enterprise License or are you using a free one? The latter won't allow LDAP. See this: http://www.splunk.com/en_us/products/splunk-enterprise/free-vs-enterprise.html

  • Did you re-enter the LDAP user password in the GUI in your second instance? The password is encoded with a local key and this is likely going to be different between your two instances

  • Is the account you are using to connect to AD locked out?

Hope that helps.

View solution in original post

0 Karma

AlexKamalov
New Member

Pardon for being redundant. I have a DEV/Test Enterprise Non-Production  license for Splunk, expiring in Mar 6, 2021. Will Splunk still refuse to enable LDAP under this licensing term?

0 Karma

isoutamo
SplunkTrust
SplunkTrust

https://www.splunk.com/en_us/resources/personalized-dev-test-licenses/faq.html Based on that I suppose that it don’t support LDAP. You could check from _internal which features are enabled after starting your instance.

r. Ismo

0 Karma

javiergn
Super Champion

Hi,

  • Do you have a valid Enterprise License or are you using a free one? The latter won't allow LDAP. See this: http://www.splunk.com/en_us/products/splunk-enterprise/free-vs-enterprise.html

  • Did you re-enter the LDAP user password in the GUI in your second instance? The password is encoded with a local key and this is likely going to be different between your two instances

  • Is the account you are using to connect to AD locked out?

Hope that helps.

0 Karma

lycollicott
Motivator

Ah, it was a heavy forwarder I had converted to a forwarder license and that only includes Auth instead of LDAPAuth.

0 Karma

prateedshetty
Path Finder

Hi,

I'm facing the same issue. Can you please let me know what change you made?

TIA

0 Karma

lycollicott
Motivator

I configured my heavy forwarder to use my license manager server.

You do that from Settings->Licensing

0 Karma

prateedshetty
Path Finder

Oh got it! Thanks 🙂

0 Karma
Get Updates on the Splunk Community!

What's New in Splunk Cloud Platform 9.2.2403?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.2.2403! Analysts can ...

Stay Connected: Your Guide to July and August Tech Talks, Office Hours, and Webinars!

Dive into our sizzling summer lineup for July and August Community Office Hours and Tech Talks. Scroll down to ...

Edge Processor Scaling, Energy & Manufacturing Use Cases, and More New Articles on ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...